- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Wednesday, December 11, 20248:30 amExhibitor Hall openRegistration Level:
- Open Sessions
8:30 am - 8:30 amYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
9:00 amOPENING KEYNOTERegistration Level:- Open Sessions
9:00 am - 9:45 am9:45 amNetworking BreakRegistration Level:- Open Sessions
9:45 am - 10:00 amVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:00 amLeading with Empathy and Grace: Secrets to Developing High-Performing TeamsCISO, TrinseoRegistration Level:- Open Sessions
10:00 am - 10:45 amSession description to come.
10:00 amArtificial Intelligence – Acceptable Use PolicyvCISO, Cyber Risk Opportunities LLCRegistration Level:- Open Sessions
10:00 am - 10:45 amSession description coming soon.
10:00 am[Panel] How IT can improve your GRC programRegistration Level:- Open Sessions
10:00 am - 10:45 am10:45 amNetworking BreakRegistration Level:- Open Sessions
10:45 am - 11:00 amVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:00 amSocial Engineering: Training the Human FirewallTeam Leader of Information Security, GarminRegistration Level:- Open Sessions
11:00 am - 11:45 amPhishing is one of the leading cyberattacks worldwide, resulting in numerous social engineering training exercises to train average users to defend against these attacks. This discussion focuses on research that took a pool of users with three different phishing campaigns. Each campaign progressively has a phish that should be more advanced to spot than the previous phish presented. The research shows the psychological reasoning behind why a user will interact with a phish, regardless of educational awareness. Results include why a 0% or 100% report rate is unrealistic and how to use phishing metrics to quantify risk in a business.
11:00 amInsider Threat: Clever Adversary Tactics to Infiltrate Your Organization You Need to Know…NOW!ICEO & Founder, Center for Threat IntelligenceRegistration Level:- Open Sessions
11:00 am - 11:45 amInsider threats pose a significant and often underestimated risk to organizations. This session dives deep into the cunning tactics employed by malicious insiders to infiltrate and compromise your most valuable assets. Learn about:
- The Evolving Insider Threat Landscape: Understand the motivations and methods of today’s insider threats, from disgruntled employees to external actors leveraging compromised credentials.
- Social Engineering & Manipulation: Uncover the subtle techniques used to exploit trust and gain unauthorized access to sensitive information.
- Data Exfiltration & Sabotage: Recognize the warning signs of data breaches, intellectual property theft, and deliberate system disruption orchestrated from within.
- Technical Exploitation & Privilege Abuse: Explore how insiders can leverage their knowledge and access to bypass security controls and exploit vulnerabilities.
- Proactive Defense & Mitigation Strategies: Discover practical steps to detect, deter, and respond to insider threats, including user activity monitoring, access control, and security awareness training.
This session is critical for security professionals, IT administrators, risk managers, and anyone responsible for protecting their organization from internal threats.
11:00 amAsk the Experts: Navigating the Evolving Cyber Threat LandscapeRegistration Level:- Open Sessions
11:00 am - 11:45 amThe threat landscape is constantly evolving, with new and sophisticated attacks emerging daily. This expert panel provides critical insights into the latest cyber threats, equipping you with the knowledge and strategies to defend your organization. Join us for a dynamic discussion on:
- The Rise of AI-Powered Attacks: Explore how artificial intelligence is being weaponized by threat actors to launch more effective and evasive attacks.
- The BEC Evolution: Uncover the latest tactics used in Business Email Compromise (BEC) scams, including deepfakes and account takeovers.
- Ransomware’s Relentless Grip: Understand the evolving ransomware landscape, with a focus on double extortion, ransomware-as-a-service, and emerging attack vectors.
- Beyond the Headlines: Gain insights into other emerging threats, including supply chain attacks, IoT vulnerabilities, and the exploitation of critical infrastructure.
This panel discussion is essential for security professionals, business leaders, and anyone interested in staying ahead of the curve in cybersecurity.
11:45 amNetworking BreakRegistration Level:- Open Sessions
11:45 am - 12:00 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
12:00 pmDrag Racing & Cybersecurity: The CrossoverAssociate CISO, St. Luke's University Health NetworkRegistration Level:- Open Sessions
12:00 pm - 12:45 amYou’d be amazed what you can learn from everyday hobbies or obstacles to help you become a better practitioner. Krista Arndt shares a very personal story of survival after a bad drag racing accident in 2015. It was a life-altering experience and provided perspective on her personal and professional life that drives her every day as a loving mom and wife, volunteer, and successful CISO.
12:00 pm5 Things InfoSec Needs to Hear about QuantumSecurity ResearcherRegistration Level:- Open Sessions
12:00 pm - 12:45 pmThe quantum revolution is coming, and it will profoundly impact the cybersecurity landscape. This session cuts through the hype to deliver five essential takeaways about quantum technology and its implications for protecting digital assets. Learn about:
- Quantum Computing’s Power: Understand how quantum computers can break current encryption algorithms and render widely used security protocols obsolete.
- The Post-Quantum Cryptography Race: Explore the ongoing development of new cryptographic algorithms designed to withstand quantum attacks.
- Threat Timeline & Preparedness: Get a realistic assessment of when quantum threats are likely to materialize and how to prepare your organization.
- Quantum-Resistant Security Strategies: Discover practical steps you can take today to mitigate future risks, including adopting hybrid classical-post quantum approaches.
- Beyond Cryptography: Explore other cybersecurity applications of quantum technology, such as quantum key distribution and quantum-resistant blockchain.
This session is vital for CISOs, security architects, cryptography specialists, and anyone responsible for long-term cybersecurity strategy.
12:00 pmBenchmarking Your Cybersecurity FrameworkRegistration Level:- Open Sessions
12:00 pm - 12:45 pmMeasuring one’s cybersecurity framework against others in the same industry, or even outside of their vertical, can provide valuable insights into areas to improve or adjust.
12:45 pmNetworking BreakRegistration Level:12:45 pm - 1:00 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:00 pmThreat Modeling 101: Star Wars EditionSr. Security Software Engineer, MicrosoftRegistration Level:- Open Sessions
1:00 pm - 1:45 pmSession description coming soon.
1:00 pmReading the Tea Leaves: What to Expect from Your 2025 Cyber Insurance RenewalVice President, Cyber Liability, Woodruff SawyerFocus Group Leader, E&O, Cyber Risks, BeazleyCISO, The Anschutz CorporationAdjunct Professor, Baylor School of Law; AVP, Cyber Solutions Team Leader, Crum & ForsterRegistration Level:- Open Sessions
1:00 pm - 1:45 pmThe claims environment remains fraught with cyber threats, particularly ransomware. At the same time, privacy concerns continue to escalate, with a heightened focus on data protection, biometric security, and non-breach privacy claims. Regulatory scrutiny from the FTC and State Privacy Regulators further emphasizes the need for robust cybersecurity measures.
To effectively mitigate risks, organizations must prioritize controls such as EDR, DLP, privileged account management, and technology product risk management. A proactive approach to third-party risk management and supply chain resilience is also essential. Culture and awareness training play a pivotal role in fostering a security-conscious workforce.
Maximizing cyber insurance efforts requires collaboration across departments. CISOs should engage with risk managers and legal teams to ensure alignment in coverage discussions and budget allocation. Cyber underwriting exercises can provide valuable insights for business impact assessments and audit committee reviews, fostering a shared understanding of risk and mitigation strategies.
1:00 pmFrom Campus to Community: How USC's CISO is Redefining University SecurityCISO, USCRegistration Level:- Open Sessions
1:00 pm - 1:45 pmThe University of Southern California (USC) is more than just a campus; it’s a bustling hub with a population rivaling many small towns. This presents unique cybersecurity challenges that extend far beyond protecting student data and academic research.
In this insightful interview, USC’s CISO Sandra Taylor provides a behind-the-scenes look at how the university is redefining security in a complex environment.
- The “city within a city” challenge: Discover how USC safeguards a diverse community encompassing students, faculty, staff, residents, businesses, and visitors.
- Beyond the traditional perimeter: Learn how USC’s security strategy addresses the complexities of a sprawling campus integrated with public spaces and infrastructure.
- Protecting critical research and innovation: Understand how USC secures cutting-edge research, intellectual property, and sensitive data in a collaborative environment.
- Building a culture of cybersecurity awareness: Gain insights into USC’s initiatives to educate and empower its community to become active participants in cybersecurity.
This interview is essential for security professionals facing the complexities of securing a large and diverse community.
1:45 pmNetworking BreakRegistration Level:- Open Sessions
1:45 pm - 2:00 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:00 pm[Closing Session] Behavioral Profiling - Know Thine EnemyCyber Behavioral Profiler, FBI (Ret.) and Modus CyberandiRegistration Level:- Open Sessions
2:00 pm - 2:45 pmIn the ever-evolving landscape of cyber threats, understanding your adversary is paramount. This session delves into the dark arts of behavioral profiling, providing cybersecurity professionals with the tools to anticipate, analyze, and mitigate attacks. Learn how to:
- Profile Threat Actors: Identify the distinct behaviors, motivations, and tactics of different attacker groups, from script kiddies to sophisticated nation-state actors.
- Recognize Attack Patterns: Decipher the telltale signs of malicious activity by analyzing user behavior, network traffic, and system logs.
- Predict Future Attacks: Anticipate an attacker’s next move by understanding their goals, capabilities, and past behaviors.
- Strengthen Your Defenses: Develop proactive security measures and incident response strategies based on behavioral insights.
This session is crucial for security analysts, incident responders, threat hunters, and anyone involved in safeguarding digital assets.
2:00 pm[Closing Session] Cyber Intel BriefingCNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLCFounding Partner, CYFORIX (Former CISO & Sr. Executive at Keurig Dr Pepper, Comcast, HD Supply, and GE)Registration Level:- Open Sessions
2:00 pm - 2:45 pmThis presentation will provide a comprehensive overview of the current cyber landscape, focusing on both global and domestic government-related threats and incidents. We will delve into recent high-profile attacks, explore emerging trends, and discuss the evolving tactics employed by cybercriminals and nation-states. Additionally, the presentation will examine the ongoing challenges faced by governments in protecting critical infrastructure, securing sensitive data, and mitigating the risks posed by cyber espionage. By understanding the latest developments in the cyber threat environment, attendees will gain valuable insights into safeguarding government networks and systems.
- AutomoxBooth:
Automox tackles one of today’s biggest cybersecurity challenges: misconfigured and out-of-date systems that can easily be exploited. Legacy tools simply cannot remediate known vulnerabilities as efficiently as modern IT demands. Automox is rewriting those rules with a cloud-native endpoint hardening platform that delivers unprecedented speed, simplicity, and automation—whether it is on-prem, in the cloud, or on the move.
- Critical StartBooth:
Critical Start Managed Cyber Risk Reduction solutions deliver continuous security cyber risk monitoring and mitigation enabling strong protection against threats. Combined with a team of expert risk mitigators, our platform provides maturity assessments, posture and event analytics, response capabilities, comprehensive threat intelligence, and security workload management capabilities. We help you achieve the highest level of cyber risk reduction for every dollar invested, leading to increased confidence in reaching your desired level of security posture.
- Semgrep Inc.Booth:
Semgrep, Inc. is a cybersecurity company based in San Francisco. The company develops the Semgrep AppSec Platform (a commercial offering for SAST, SCA, and secrets scanning) and actively maintains the open-source static code analysis tool semgrep OSS.
- Tammy KlotzCISO, Trinseo
Tammy Klotz is a vibrant and accomplished executive with over three decades of diverse experience in the manufacturing industry, specializing in cybersecurity and transformational leadership. She offers keen expertise in navigating mergers, acquisitions, and divestitures within both publicly-traded and privately-held companies and is seasoned in security, risk, and compliance leadership. Tammy brings a dynamic and positive approach to problem solving, excelling in simplifying intricate IT and cybersecurity concepts and facilitating pragmatic, non-technical dialogues that resonate with business executives. She is recognized as a strong, knowledgeable, thoughtful security executive who excels in public speaking and thought leadership, striving to empower others through knowledge sharing.
- Kip BoylevCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Automox Representative
- Reanna SchultzTeam Leader of Information Security, Garmin
Reanna Schultz is from Kansas City, MO, and attended the University of Central Missouri (UCM). She graduated in 2018 with her Bachelor of Science in Cybersecurity: Secure Software Development and in 2020 for Master of Science in Cybersecurity: Information Assurance. While being in the industry, Reanna has been exposed to numerous SANS hosted classes. Reanna volunteers as a National Cyber League coach and provides her industry expertise by doing guest speaker talks for numerous colleges and high schools across the Midwest to STEM students. Reanna currently works as a Team Lead at Garmin and directly reports out of their SOC.
- Janet LawlessCEO & Founder, Center for Threat Intelligence
Janet is CEO and Founder of Center for Threat Intelligence. Janet established a team of intelligence experts to build a cutting-edge holistic threat intelligence program including assessments, consulting and training. Janet’s former leadership roles at Microsoft and Cisco, creating and managing global programs focused on compliance and security, in addition to her work at a cyber-security start-up, brings a wealth of knowledge in security services. Janet is currently the Chair for ASIS International Puget Sound Chapter, and former Committee Chair for Women in Security. She is Chair Emeritus for the Pacific Coast Analyst Roundtable and a former Board Member for the American Red Cross. She is also a member of InfraGard, the United States Secret Service Cyber Fraud Task Force and the Washington State Fusion Center.
- Krista ArndtAssociate CISO, St. Luke's University Health Network
Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.
- John OMalleySecurity Researcher
- Audrey LongSr. Security Software Engineer, Microsoft
Audrey Long is a Senior Security Software Engineer at Microsoft. She is passionate about making security accessible both to software engineers and as a career for girls in STEM. She holds DoD secret clearance and a Master of Science degree in Cyber Security from Johns Hopkins University.
- David AndersonVice President, Cyber Liability, Woodruff Sawyer
David focuses on complex cyber, privacy, technology, and professional liability issues and is a dedicated and fierce advocate for his clients.
- Ashley HellerFocus Group Leader, E&O, Cyber Risks, Beazley
Ashley is responsible for the management of the Technology Liability portfolio at Beazley, a leading London-based specialty insurer. Prior to her time at Beazley, Ashley was an underwriting manager at AIG, where she underwrote Cyber for National Accounts.
- Sam MasielloCISO, The Anschutz Corporation
Sam Masiello has been working with email, messaging, and fighting internet pollution for over 25 years. Prior to The Anschutz Corporation, he served as the CISO at Gates Corporation, where he was responsible for the company's data security, risk, and global compliance initiatives. Before that, he was CISO at TeleTech, where he oversaw the protection of employee, consumer, and customer data for all of the organization's clients, which included many Fortune 500 companies.
Sam has also been the Chief Security Officer, Head of Application Security, and Head of Security Research at companies such as Groupon, Return Path, and McAfee. He currently serves as Director-at-Large of The Coalition Against Unsolicited Commercial Email (CAUCE), National Advisory Board Member for SecureWorld, and is an Executive Board Member of Colorado Cyber. He has previously served as a member of the Board of Directors for the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG), the Steering Committee of the Online Trust Alliance (OTA), and a member of the Anti-Phishing Working Group (APWG).
- Violet SullivanAdjunct Professor, Baylor School of Law; AVP, Cyber Solutions Team Leader, Crum & Forster
Violet Sullivan leads cyber consulting services at Crum & Forster. She works with insurance carriers, trade associations, and individual business clients from around the world providing expert guidance on cybersecurity threat management and response. She represents Crum & Forster within the legal, insurance, and risk management channels to develop long-term relationships, recurring revenue, and new business growth. Ms. Sullivan is a licensed attorney in Texas and Pennsylvania and a Certified Information Privacy Professional (CIPP/US), with her JD and MBA degrees from Baylor University. In addition to her full-time role, Violet serves as a professor of Cybersecurity & Privacy Law for Baylor Law School’s LL.M. Degree in Litigation Management, the first of its kind nationwide. Her diverse practice experience at both the individual and policy levels has prepared her for developing new tools and approaches to solving what is fast-becoming a pervasive and costly challenge in modern industry: how to respond to a cybersecurity incident.
Early in her career, Violet worked on the incident responses for some of the largest and most notable data breaches to date, including: Home Depot, Sony, and Anthem. Her experience in managing scaled breach responses led to her expertise and proficiency in proactively preparing organizations for cyber incidents. In the past eight years, she has facilitated over 450 cyber incident simulations (tabletops) for public and private sector companies, including many Fortune 100 companies.
As a cybersecurity and privacy attorney, Violet provides consulting services to respond to the needs of various cybersecurity programs. She reviews and develops customized incident response plans to ensure organizations are prepared to respond efficiently and effectively to a data breach. Violet also helps improve internal coordination by facilitating customized tabletop simulations focused on "pressure-testing" an organization's incident response procedures and protocols. Each of these customer-facing services mentioned has been built and developed for the purpose of creating long-standing relationships that turn to Violet for guidance, referrals, questions, and future projects.
As a cybersecurity and privacy professor, Violet developed the entire curriculum for an innovative course on cybersecurity and privacy law for licensed attorneys working toward their LL.M. degree. The specific focus on litigation management has made Sullivan’s course and her lecture series uniquely valuable to experts across the United States.
- Sandy TaylorCISO, USC
Strategic and people centric information security leader with 20+ years of experience with notable success in designing, planning, analysis, and implementation of large and complex security initiatives across federated organizations. Strength in providing comprehensive and practical security risk reduction plans and roadmaps to the business. Impactful record of efficiently evaluating and reducing / mitigating risks, protecting high value systems, and ensuring usability in lieu of high friction controls.
- Cameron H. MalinCyber Behavioral Profiler, FBI (Ret.) and Modus Cyberandi
Cameron Malin, JD, CISSP, is the founder of Modus Cyberandi, a bespoke Cyber Behavioral Profiling consultancy specializing in the assessment of cyber threat actor decision making, adversary tradecraft, cyber deception, and cognitive vulnerabilities. As a retired Behavioral Profiler with the Federal Bureau of Investigation (FBI), he has more than 22 years of experience investigating, analyzing, and profiling cyber adversaries across the spectrum of criminal to national security attacks.
During his tenure in the FBI, he was the founder of both the FBI Behavioral Analysis Unit's (BAU) Cyber Behavioral Analysis Center (CBAC), the FBI BAU's methodology and application of science-based behavioral profiling and assessment to national security and criminal cyber offenders—and the BAU’s Deception and Influence Group (DIG), a uniquely trained and experienced cadre of Behavioral Profilers specialized in analyses and countermeasures to adversary cyber deception campaigns and influence operations.
He is a co-author of the authoritative cyber deception book, "Deception in the Digital Age: Exploiting and Defending Human Targets Through Computer-Mediated Communications" (published by Academic Press, an imprint of Elsevier, Inc.), and co-author of the Malware Forensics book series: "Malware Forensics: Investigating and Analyzing Malicious Code," "Malware Forensics Field Guide for Windows Systems," and "Malware
Forensics Field Guide for Linux Systems" (all published by Syngress, an imprint of Elsevier, Inc.). - Col. Cedric LeightonCNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
Cedric Leighton is a CNN Military Analyst and a retired United States Air Force Colonel. On CNN, he has provided incisive commentaries on the Israel-Hamas War, the War in Ukraine, the U.S. withdrawal from Afghanistan, and numerous other conflicts around the world. His analysis has been seen by millions of viewers around the world and provided much needed context to some of the most pressing national security issues of our time. As a U.S. Air Force officer, Colonel Leighton served at U.S. Special Operations Command, the Joint Staff, and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star. After serving 26 years as a U.S. Air Force Intelligence Officer, Col. Leighton founded a strategic risk consultancy and became the co-founder of CYFORIX, where he advises multinational businesses on developing better cyber strategies designed to reduce risk and unpredictability.
- VJ ViswanathanFounding Partner, CYFORIX (Former CISO & Sr. Executive at Keurig Dr Pepper, Comcast, HD Supply, and GE)
VJ Viswanathan is a seasoned technology executive recognized and awarded for innovation, business capability transformation, and thoughtful mentorship. Most recently, VJ is the founding partner at CYFORIX, a global cybersecurity research, advisory, and strategic consulting firm delivering solutions to public and private sectors. He also serves as the CEO at TORQE, a specialized advisory firm focused on analytics, automation, and convergent technologies. VJ is the co-host of ELEVATEINTEL, a podcast series at the nexus of technology, social, and defense.
With more than 25 years of pioneering enterprise technology, cybersecurity, privacy, and compliance & risk management experience, VJ has a detailed track record of designing, implementing, and leading highly successful programs, products, and services at multinational Fortune 100 brands spanning CPG, telecom, media, supply chain, healthcare, and finance segments. As a strategic thought leader, VJ has delivered the first of its kind "Supply Chain Security" & “Omni-channel Risk Management” frameworks. As a published author and featured keynote speaker at global industry events, he approaches disruptive digital paradigms with innovation, creativity, and active collaboration with his key industry peers, researchers, national & international law enforcement, and defense groups.
VJ is an active mentor at various incubators and accelerators groups, serves as an advisory board member for growth stage companies. As a strategic adviser to VC & PE firms, he specializes in developing market analysis, competitive product road maps, and guides in opportunity mapping. As a board member and subject matter advisor to CEOs and corporate directors, VJ evaluates and audits enterprise technology and cybersecurity programs for veracity and operational effectiveness.
VJ is passionate about animal rights and giving back to the technology and security industry. He has created a rescue and foster care group for large breed dogs. He is actively engaged with academic institutions and purpose-driven professional groups like Minorities in Cyber Security, where he serves as a board member and chair of mentorship programs to develop the next generation talent through coaching and facilitating scholarships for technology and cybersecurity education.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Learn from cyber leaders on relevant, timely security topics. Reserve your spot today!